Increase HMAC key size limit to 4096 bytes.

The previous limit of 512 bytes meant that TLS was unable to negotiate using FFDHE-6144 or FFDHE-8192 groups.
author: Jack Lloyd <[email protected]> 2017-11-28 14:14:49 -0500
committer: Jack Lloyd <[email protected]> 2017-11-28 14:14:49 -0500
commit: c56cc4a056c8a442ed31ea2f47bb7e933569fcd4 (patch)
tree: 139fe4b93cf3e386cc361096f9e78cb4463b3dcd /src/lib
parent: e093d94b1aad8e11236fb82c211665a7f2d97c7c (diff)
2 files changed, 7 insertions, 5 deletions
diff --git a/src/lib/mac/hmac/hmac.cpp b/src/lib/mac/hmac/hmac.cpp
index 244946d88..532c98274 100644
--- a/src/lib/mac/hmac/hmac.cpp
+++ b/src/lib/mac/hmac/hmac.cpp
@@ -32,6 +32,12 @@ void HMAC::final_result(uint8_t mac[])
    m_hash->update(m_ikey);
    }
 
+Key_Length_Specification HMAC::key_spec() const
+   {
+   // Support very long lengths for things like PBKDF2 and the TLS PRF
+   return Key_Length_Specification(0, 4096);
+   }
+
 /*
 * HMAC Key Schedule
 */
diff --git a/src/lib/mac/hmac/hmac.h b/src/lib/mac/hmac/hmac.h
index 253184895..800159432 100644
--- a/src/lib/mac/hmac/hmac.h
+++ b/src/lib/mac/hmac/hmac.h
@@ -25,11 +25,7 @@ class BOTAN_PUBLIC_API(2,0) HMAC final : public MessageAuthenticationCode
 
       size_t output_length() const override { return m_hash->output_length(); }
 
-      Key_Length_Specification key_spec() const override
-         {
-         // Absurd max length here is to support PBKDF2
-         return Key_Length_Specification(0, 512);
-         }
+      Key_Length_Specification key_spec() const override;
 
       /**
       * @param hash the hash to use for HMACing
author	Jack Lloyd <[email protected]>	2017-11-28 14:14:49 -0500
committer	Jack Lloyd <[email protected]>	2017-11-28 14:14:49 -0500
commit	c56cc4a056c8a442ed31ea2f47bb7e933569fcd4 (patch)
tree	139fe4b93cf3e386cc361096f9e78cb4463b3dcd /src/lib
parent	e093d94b1aad8e11236fb82c211665a7f2d97c7c (diff)